1. Field
The disclosure relates generally to an improved data processing system and more specifically to managing secure sessions.
2. Description of the Related Art
Servers are frequently used to control access to resources by one or more clients. The resources may be stored on the server or on a network to which the server is connected. A user wishing to access a resource to which access is controlled by the server typically connects to the server to request the access. Access is controlled based on the identity of the user or the client. In other words, access to the resource may be granted to one user connecting to the server on a particular client, while access to the resource may be denied to another user connecting to the server on the same client or another client.
The server requests identification information from the client in order to determine whether the user is to be granted or denied the requested type of access to the requested resources. A resource, for example, is a file, a folder, a drive, an application, a database, or any other suitable information or organization of information. In some examples, the client requests the identification information from the user. The client may request the identification information by prompting the user to enter a user name and/or password, a biometric input, an access card, or another suitable identifier.
A client frequently accesses more than one resource on the server over a period of time. Sessions are created to avoid requesting the identification information from the client for each resource that is accessed. Sessions are commonly created when a server first transmits the requested identification information by sending session information to the client for the purpose of creating a cookie on the client. The cookie contains an identifier for the session. When creating the session, the server also stores the session identifier in a database of sessions. Upon transmitting subsequent requests for resources on the server, the client transmits the identifier for the session from the cookie to the server with the request. The client only transmits the identifier for the session from the cookie when the domain of the server receiving the request is the same as the domain of the server that set the cookie. For example, if a cookie is created with an identifier for a session on a server in the “yahoo.com” domain, the client will transmit the identifier from the cookie with future requests to “yahoo.com”, but not with requests to “google.com.” The server uses the identifier to make decisions about which resources may be returned or whether a session has existed for more than a particular period of time and has expired.
Servers are commonly taken offline to perform maintenance, to be moved, or due to hardware or software failures. Session data may be lost when the server is taken offline. Another server may provide access to the requested resources. For example, the servers may be configured in a cluster. If another server provides access to the requested resources, the client is requested by the second server to send identifying information to create a new session on the second server and have continued access to the resources. The identification information of the user may be requested again.
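The session behavior described in the two preceding paragraphs can be modeled as follows. This is an added example, not part of the original disclosure; the class names, the `SESSION_TTL` value, the exact-match domain rule, and the `shop.example` and `other.example` domains are assumptions made for illustration.

```python
import secrets
import time

SESSION_TTL = 1800  # seconds; assumed lifetime, not a value from the text


class Server:
    """One server with its own in-memory database of sessions."""

    def __init__(self, domain):
        self.domain = domain
        self.sessions = {}  # session identifier -> (user, creation time)

    def login(self, user, now=None):
        # The identity check itself is omitted: assume it was accepted.
        sid = secrets.token_urlsafe(32)  # unguessable session identifier
        self.sessions[sid] = (user, time.time() if now is None else now)
        return {"domain": self.domain, "sid": sid}  # cookie for the client

    def handle(self, sid, now=None):
        now = time.time() if now is None else now
        entry = self.sessions.get(sid) if sid else None
        if entry is None:
            return "identify"  # unknown session: request identification
        user, created = entry
        if now - created > SESSION_TTL:
            del self.sessions[sid]  # session has expired
            return "identify"
        return "ok:" + user


class Client:
    """Stores cookies and attaches them only to the domain that set them."""

    def __init__(self):
        self.cookies = []

    def store(self, cookie):
        self.cookies.append(cookie)

    def cookie_for(self, host):
        # Simplified to an exact domain match (assumption).
        for cookie in self.cookies:
            if host == cookie["domain"]:
                return cookie["sid"]
        return None

    def request(self, server, host, now=None):
        return server.handle(self.cookie_for(host), now)
```

Two `Server` objects created with the same domain model a cluster: the client sends the same identifier to both, but the second server's session database does not contain it, so the second server asks for identification again.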
Accordingly, it would be advantageous to have a method, a computer program product, and an apparatus which takes into account one or more of the issues discussed above as well as possibly other issues.